Say it ain’t so!
EVER SINCE A Carnegie Mellon talk on cracking the anonymity software Tor was abruptly pulled from the schedule of the Black Hat hacker conference last year, the security community has been left to wonder whether the research was silently handed over to law enforcement agencies seeking to uncloak the internet’s anonymous…
Category: Cyber-Crime
Why Your Secure Building Isn’t
Better Security through Penetration Testing. My book, Red Team: How to Succeed by Thinking Like the Enemy, provides the first in-depth investigation into the work of red teams in the military, intelligence, homeland security and private sectors, revealing the best practices, most common pitfalls, and most effective applications of their work. Below is an adaptation….
Technology and Privacy: Signal, the Crypto App Comes to Android
SINCE IT FIRST appeared in Apple’s App Store last year, the free encrypted calling and texting app Signal has become the darling of the privacy community, recommended—and apparently used daily—by no less than Edward Snowden himself. Now its creator is bringing that same form of ultra-simple smartphone encryption to Android. On Monday the privacy-focused non-profit…
Facebook Friend or Terrorist: Who’s in Your Online Social Network?
As a law enforcement officer in Northeast Florida, the arrest of a 19-year-old local man named Shelton Thomas Bell got my attention. In January of this year, Bell was sentenced to twenty years in federal prison for conspiring and attempting to provide material support to terrorists. He burned American flags, recruited support locally, conducted “training…
Teen who Hacked CIA Director’s Email Tells How he Did It
A HACKER WHO claims to have broken into the AOL account of CIA Director John Brennan says he obtained access by posing as a Verizon worker to trick another employee into revealing the spy chief’s personal information. Using information like the four digits of Brennan’s bank card, which Verizon easily relinquished, the hacker and his…
Iran’s Cyber-Espionage Tricks
A group of suspected Iranian hackers are using a sophisticated network of fake LinkedIn profiles to spy on unsuspecting targets worldwide — including the U.S. — according to a new report. The fake personas fell into two groups: one set that were fully developed profiles posing as recruiters for major worldwide government contractors and international…
What @Snowden told me about NSA’s Cyberweapons
By James Bamford. Stephen Gerwin, chief of the Howard County Bureau of Utilities, it was “a peculiar project.” His workers were told they needed to get background checks and sign nondisclosure forms before they could begin work on a wastewater pump station in a forested area near the Little Patuxent River. “You sign a document…
OPM Now Admits 5.6 Million Feds’ Fingerprints Were Stolen by Hackers
WHEN HACKERS STEAL your password, you change it. When hackers steal your fingerprints, they’ve got an unchangeable credential that lets them spoof your identity for life. When they steal 5.6 million of those irrevocable biometric identifiers from U.S. federal employees—many with secret clearances—well, that’s very bad. On Wednesday, the Office of Personnel Management admitted…
The CIA’s Campaign to Steal Apple’s Secrets
RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept. The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security…
Spy Agency Contractor Puts Out a $1M Bounty for an iPhone Hack
AS LONG AS hackers have sold their secret hacking techniques known as zero-day exploits to government spies, they’ve generally kept that trade in the shadows. Today it’s come into the spotlight with the biggest bounty ever publicly offered for a single such exploit: $1 million for a technique that can break into an iPhone or…